2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <linux/export.h>
19 #include <net/mac80211.h>
20 #include <asm/unaligned.h>
21 #include "ieee80211_i.h"
22 #include "driver-ops.h"
23 #include "debugfs_key.h"
29 * DOC: Key handling basics
31 * Key handling in mac80211 is done based on per-interface (sub_if_data)
32 * keys and per-station keys. Since each station belongs to an interface,
33 * each station key also belongs to that interface.
35 * Hardware acceleration is done on a best-effort basis for algorithms
36 * that are implemented in software, for each key the hardware is asked
37 * to enable that key for offloading but if it cannot do that the key is
38 * simply kept for software encryption (unless it is for an algorithm
39 * that isn't implemented in software).
40 * There is currently no way of knowing whether a key is handled in SW
41 * or HW except by looking into debugfs.
43 * All key management is internally protected by a mutex. Within all
44 * other parts of mac80211, key references are, just as STA structure
45 * references, protected by RCU. Note, however, that some things are
46 * unprotected, namely the key->sta dereferences within the hardware
47 * acceleration functions. This means that sta_info_destroy() must
48 * remove the key which waits for an RCU grace period.
51 static const u8 bcast_addr
[ETH_ALEN
] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
53 static void assert_key_lock(struct ieee80211_local
*local
)
55 lockdep_assert_held(&local
->key_mtx
);
58 static void increment_tailroom_need_count(struct ieee80211_sub_if_data
*sdata
)
61 * When this count is zero, SKB resizing for allocating tailroom
62 * for IV or MMIC is skipped. But, this check has created two race
63 * cases in xmit path while transiting from zero count to one:
65 * 1. SKB resize was skipped because no key was added but just before
66 * the xmit key is added and SW encryption kicks off.
68 * 2. SKB resize was skipped because all the keys were hw planted but
69 * just before xmit one of the key is deleted and SW encryption kicks
72 * In both the above case SW encryption will find not enough space for
73 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
75 * Solution has been explained at
76 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
79 if (!sdata
->crypto_tx_tailroom_needed_cnt
++) {
81 * Flush all XMIT packets currently using HW encryption or no
82 * encryption at all if the count transition is from 0 -> 1.
88 static int ieee80211_key_enable_hw_accel(struct ieee80211_key
*key
)
90 struct ieee80211_sub_if_data
*sdata
;
96 if (!key
->local
->ops
->set_key
)
99 assert_key_lock(key
->local
);
104 * If this is a per-STA GTK, check if it
105 * is supported; if not, return.
107 if (sta
&& !(key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
) &&
108 !(key
->local
->hw
.flags
& IEEE80211_HW_SUPPORTS_PER_STA_GTK
))
109 goto out_unsupported
;
111 if (sta
&& !sta
->uploaded
)
112 goto out_unsupported
;
115 if (sdata
->vif
.type
== NL80211_IFTYPE_AP_VLAN
) {
117 * The driver doesn't know anything about VLAN interfaces.
118 * Hence, don't send GTKs for VLAN interfaces to the driver.
120 if (!(key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
))
121 goto out_unsupported
;
124 ret
= drv_set_key(key
->local
, SET_KEY
, sdata
,
125 sta
? &sta
->sta
: NULL
, &key
->conf
);
128 key
->flags
|= KEY_FLAG_UPLOADED_TO_HARDWARE
;
130 if (!((key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_MMIC
) ||
131 (key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_IV
) ||
132 (key
->conf
.flags
& IEEE80211_KEY_FLAG_PUT_IV_SPACE
)))
133 sdata
->crypto_tx_tailroom_needed_cnt
--;
135 WARN_ON((key
->conf
.flags
& IEEE80211_KEY_FLAG_PUT_IV_SPACE
) &&
136 (key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_IV
));
141 if (ret
!= -ENOSPC
&& ret
!= -EOPNOTSUPP
)
143 "failed to set key (%d, %pM) to hardware (%d)\n",
145 sta
? sta
->sta
.addr
: bcast_addr
, ret
);
148 switch (key
->conf
.cipher
) {
149 case WLAN_CIPHER_SUITE_WEP40
:
150 case WLAN_CIPHER_SUITE_WEP104
:
151 case WLAN_CIPHER_SUITE_TKIP
:
152 case WLAN_CIPHER_SUITE_CCMP
:
153 case WLAN_CIPHER_SUITE_AES_CMAC
:
154 /* all of these we can do in software */
161 static void ieee80211_key_disable_hw_accel(struct ieee80211_key
*key
)
163 struct ieee80211_sub_if_data
*sdata
;
164 struct sta_info
*sta
;
169 if (!key
|| !key
->local
->ops
->set_key
)
172 assert_key_lock(key
->local
);
174 if (!(key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
))
180 if (!((key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_MMIC
) ||
181 (key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_IV
) ||
182 (key
->conf
.flags
& IEEE80211_KEY_FLAG_PUT_IV_SPACE
)))
183 increment_tailroom_need_count(sdata
);
185 ret
= drv_set_key(key
->local
, DISABLE_KEY
, sdata
,
186 sta
? &sta
->sta
: NULL
, &key
->conf
);
190 "failed to remove key (%d, %pM) from hardware (%d)\n",
192 sta
? sta
->sta
.addr
: bcast_addr
, ret
);
194 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
197 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data
*sdata
,
198 int idx
, bool uni
, bool multi
)
200 struct ieee80211_key
*key
= NULL
;
202 assert_key_lock(sdata
->local
);
204 if (idx
>= 0 && idx
< NUM_DEFAULT_KEYS
)
205 key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
208 rcu_assign_pointer(sdata
->default_unicast_key
, key
);
209 drv_set_default_unicast_key(sdata
->local
, sdata
, idx
);
213 rcu_assign_pointer(sdata
->default_multicast_key
, key
);
215 ieee80211_debugfs_key_update_default(sdata
);
218 void ieee80211_set_default_key(struct ieee80211_sub_if_data
*sdata
, int idx
,
219 bool uni
, bool multi
)
221 mutex_lock(&sdata
->local
->key_mtx
);
222 __ieee80211_set_default_key(sdata
, idx
, uni
, multi
);
223 mutex_unlock(&sdata
->local
->key_mtx
);
227 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data
*sdata
, int idx
)
229 struct ieee80211_key
*key
= NULL
;
231 assert_key_lock(sdata
->local
);
233 if (idx
>= NUM_DEFAULT_KEYS
&&
234 idx
< NUM_DEFAULT_KEYS
+ NUM_DEFAULT_MGMT_KEYS
)
235 key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
237 rcu_assign_pointer(sdata
->default_mgmt_key
, key
);
239 ieee80211_debugfs_key_update_default(sdata
);
242 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data
*sdata
,
245 mutex_lock(&sdata
->local
->key_mtx
);
246 __ieee80211_set_default_mgmt_key(sdata
, idx
);
247 mutex_unlock(&sdata
->local
->key_mtx
);
251 static void __ieee80211_key_replace(struct ieee80211_sub_if_data
*sdata
,
252 struct sta_info
*sta
,
254 struct ieee80211_key
*old
,
255 struct ieee80211_key
*new)
258 bool defunikey
, defmultikey
, defmgmtkey
;
261 list_add_tail(&new->list
, &sdata
->key_list
);
263 if (sta
&& pairwise
) {
264 rcu_assign_pointer(sta
->ptk
, new);
267 idx
= old
->conf
.keyidx
;
269 idx
= new->conf
.keyidx
;
270 rcu_assign_pointer(sta
->gtk
[idx
], new);
272 WARN_ON(new && old
&& new->conf
.keyidx
!= old
->conf
.keyidx
);
275 idx
= old
->conf
.keyidx
;
277 idx
= new->conf
.keyidx
;
280 old
== key_mtx_dereference(sdata
->local
,
281 sdata
->default_unicast_key
);
283 old
== key_mtx_dereference(sdata
->local
,
284 sdata
->default_multicast_key
);
286 old
== key_mtx_dereference(sdata
->local
,
287 sdata
->default_mgmt_key
);
289 if (defunikey
&& !new)
290 __ieee80211_set_default_key(sdata
, -1, true, false);
291 if (defmultikey
&& !new)
292 __ieee80211_set_default_key(sdata
, -1, false, true);
293 if (defmgmtkey
&& !new)
294 __ieee80211_set_default_mgmt_key(sdata
, -1);
296 rcu_assign_pointer(sdata
->keys
[idx
], new);
297 if (defunikey
&& new)
298 __ieee80211_set_default_key(sdata
, new->conf
.keyidx
,
300 if (defmultikey
&& new)
301 __ieee80211_set_default_key(sdata
, new->conf
.keyidx
,
303 if (defmgmtkey
&& new)
304 __ieee80211_set_default_mgmt_key(sdata
,
309 list_del(&old
->list
);
312 struct ieee80211_key
*ieee80211_key_alloc(u32 cipher
, int idx
, size_t key_len
,
314 size_t seq_len
, const u8
*seq
)
316 struct ieee80211_key
*key
;
319 BUG_ON(idx
< 0 || idx
>= NUM_DEFAULT_KEYS
+ NUM_DEFAULT_MGMT_KEYS
);
321 key
= kzalloc(sizeof(struct ieee80211_key
) + key_len
, GFP_KERNEL
);
323 return ERR_PTR(-ENOMEM
);
326 * Default to software encryption; we'll later upload the
327 * key to the hardware if possible.
332 key
->conf
.cipher
= cipher
;
333 key
->conf
.keyidx
= idx
;
334 key
->conf
.keylen
= key_len
;
336 case WLAN_CIPHER_SUITE_WEP40
:
337 case WLAN_CIPHER_SUITE_WEP104
:
338 key
->conf
.iv_len
= WEP_IV_LEN
;
339 key
->conf
.icv_len
= WEP_ICV_LEN
;
341 case WLAN_CIPHER_SUITE_TKIP
:
342 key
->conf
.iv_len
= TKIP_IV_LEN
;
343 key
->conf
.icv_len
= TKIP_ICV_LEN
;
345 for (i
= 0; i
< IEEE80211_NUM_TIDS
; i
++) {
346 key
->u
.tkip
.rx
[i
].iv32
=
347 get_unaligned_le32(&seq
[2]);
348 key
->u
.tkip
.rx
[i
].iv16
=
349 get_unaligned_le16(seq
);
352 spin_lock_init(&key
->u
.tkip
.txlock
);
354 case WLAN_CIPHER_SUITE_CCMP
:
355 key
->conf
.iv_len
= CCMP_HDR_LEN
;
356 key
->conf
.icv_len
= CCMP_MIC_LEN
;
358 for (i
= 0; i
< IEEE80211_NUM_TIDS
+ 1; i
++)
359 for (j
= 0; j
< CCMP_PN_LEN
; j
++)
360 key
->u
.ccmp
.rx_pn
[i
][j
] =
361 seq
[CCMP_PN_LEN
- j
- 1];
364 * Initialize AES key state here as an optimization so that
365 * it does not need to be initialized for every packet.
367 key
->u
.ccmp
.tfm
= ieee80211_aes_key_setup_encrypt(key_data
);
368 if (IS_ERR(key
->u
.ccmp
.tfm
)) {
369 err
= PTR_ERR(key
->u
.ccmp
.tfm
);
374 case WLAN_CIPHER_SUITE_AES_CMAC
:
375 key
->conf
.iv_len
= 0;
376 key
->conf
.icv_len
= sizeof(struct ieee80211_mmie
);
378 for (j
= 0; j
< CMAC_PN_LEN
; j
++)
379 key
->u
.aes_cmac
.rx_pn
[j
] =
380 seq
[CMAC_PN_LEN
- j
- 1];
382 * Initialize AES key state here as an optimization so that
383 * it does not need to be initialized for every packet.
385 key
->u
.aes_cmac
.tfm
=
386 ieee80211_aes_cmac_key_setup(key_data
);
387 if (IS_ERR(key
->u
.aes_cmac
.tfm
)) {
388 err
= PTR_ERR(key
->u
.aes_cmac
.tfm
);
394 memcpy(key
->conf
.key
, key_data
, key_len
);
395 INIT_LIST_HEAD(&key
->list
);
400 static void __ieee80211_key_destroy(struct ieee80211_key
*key
,
407 * Synchronize so the TX path can no longer be using
408 * this key before we free/remove it.
413 ieee80211_key_disable_hw_accel(key
);
415 if (key
->conf
.cipher
== WLAN_CIPHER_SUITE_CCMP
)
416 ieee80211_aes_key_free(key
->u
.ccmp
.tfm
);
417 if (key
->conf
.cipher
== WLAN_CIPHER_SUITE_AES_CMAC
)
418 ieee80211_aes_cmac_key_free(key
->u
.aes_cmac
.tfm
);
420 struct ieee80211_sub_if_data
*sdata
= key
->sdata
;
422 ieee80211_debugfs_key_remove(key
);
424 if (delay_tailroom
) {
425 /* see ieee80211_delayed_tailroom_dec */
426 sdata
->crypto_tx_tailroom_pending_dec
++;
427 schedule_delayed_work(&sdata
->dec_tailroom_needed_wk
,
430 sdata
->crypto_tx_tailroom_needed_cnt
--;
437 int ieee80211_key_link(struct ieee80211_key
*key
,
438 struct ieee80211_sub_if_data
*sdata
,
439 struct sta_info
*sta
)
441 struct ieee80211_key
*old_key
;
448 pairwise
= key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
;
449 idx
= key
->conf
.keyidx
;
450 key
->local
= sdata
->local
;
454 mutex_lock(&sdata
->local
->key_mtx
);
457 old_key
= key_mtx_dereference(sdata
->local
, sta
->ptk
);
459 old_key
= key_mtx_dereference(sdata
->local
, sta
->gtk
[idx
]);
461 old_key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
463 increment_tailroom_need_count(sdata
);
465 __ieee80211_key_replace(sdata
, sta
, pairwise
, old_key
, key
);
466 __ieee80211_key_destroy(old_key
, true);
468 ieee80211_debugfs_key_add(key
);
470 ret
= ieee80211_key_enable_hw_accel(key
);
472 mutex_unlock(&sdata
->local
->key_mtx
);
477 void __ieee80211_key_free(struct ieee80211_key
*key
, bool delay_tailroom
)
483 * Replace key with nothingness if it was ever used.
486 __ieee80211_key_replace(key
->sdata
, key
->sta
,
487 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
489 __ieee80211_key_destroy(key
, delay_tailroom
);
492 void ieee80211_key_free(struct ieee80211_local
*local
,
493 struct ieee80211_key
*key
)
495 mutex_lock(&local
->key_mtx
);
496 __ieee80211_key_free(key
, true);
497 mutex_unlock(&local
->key_mtx
);
500 void ieee80211_enable_keys(struct ieee80211_sub_if_data
*sdata
)
502 struct ieee80211_key
*key
;
506 if (WARN_ON(!ieee80211_sdata_running(sdata
)))
509 mutex_lock(&sdata
->local
->key_mtx
);
511 sdata
->crypto_tx_tailroom_needed_cnt
= 0;
513 list_for_each_entry(key
, &sdata
->key_list
, list
) {
514 increment_tailroom_need_count(sdata
);
515 ieee80211_key_enable_hw_accel(key
);
518 mutex_unlock(&sdata
->local
->key_mtx
);
521 void ieee80211_iter_keys(struct ieee80211_hw
*hw
,
522 struct ieee80211_vif
*vif
,
523 void (*iter
)(struct ieee80211_hw
*hw
,
524 struct ieee80211_vif
*vif
,
525 struct ieee80211_sta
*sta
,
526 struct ieee80211_key_conf
*key
,
530 struct ieee80211_local
*local
= hw_to_local(hw
);
531 struct ieee80211_key
*key
;
532 struct ieee80211_sub_if_data
*sdata
;
536 mutex_lock(&local
->key_mtx
);
538 sdata
= vif_to_sdata(vif
);
539 list_for_each_entry(key
, &sdata
->key_list
, list
)
540 iter(hw
, &sdata
->vif
,
541 key
->sta
? &key
->sta
->sta
: NULL
,
542 &key
->conf
, iter_data
);
544 list_for_each_entry(sdata
, &local
->interfaces
, list
)
545 list_for_each_entry(key
, &sdata
->key_list
, list
)
546 iter(hw
, &sdata
->vif
,
547 key
->sta
? &key
->sta
->sta
: NULL
,
548 &key
->conf
, iter_data
);
550 mutex_unlock(&local
->key_mtx
);
552 EXPORT_SYMBOL(ieee80211_iter_keys
);
554 void ieee80211_free_keys(struct ieee80211_sub_if_data
*sdata
)
556 struct ieee80211_key
*key
, *tmp
;
558 cancel_delayed_work_sync(&sdata
->dec_tailroom_needed_wk
);
560 mutex_lock(&sdata
->local
->key_mtx
);
562 sdata
->crypto_tx_tailroom_needed_cnt
-=
563 sdata
->crypto_tx_tailroom_pending_dec
;
564 sdata
->crypto_tx_tailroom_pending_dec
= 0;
566 ieee80211_debugfs_key_remove_mgmt_default(sdata
);
568 list_for_each_entry_safe(key
, tmp
, &sdata
->key_list
, list
)
569 __ieee80211_key_free(key
, false);
571 ieee80211_debugfs_key_update_default(sdata
);
573 WARN_ON_ONCE(sdata
->crypto_tx_tailroom_needed_cnt
||
574 sdata
->crypto_tx_tailroom_pending_dec
);
576 mutex_unlock(&sdata
->local
->key_mtx
);
579 void ieee80211_delayed_tailroom_dec(struct work_struct
*wk
)
581 struct ieee80211_sub_if_data
*sdata
;
583 sdata
= container_of(wk
, struct ieee80211_sub_if_data
,
584 dec_tailroom_needed_wk
.work
);
587 * The reason for the delayed tailroom needed decrementing is to
588 * make roaming faster: during roaming, all keys are first deleted
589 * and then new keys are installed. The first new key causes the
590 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
591 * the cost of synchronize_net() (which can be slow). Avoid this
592 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
593 * key removal for a while, so if we roam the value is larger than
594 * zero and no 0->1 transition happens.
596 * The cost is that if the AP switching was from an AP with keys
597 * to one without, we still allocate tailroom while it would no
598 * longer be needed. However, in the typical (fast) roaming case
599 * within an ESS this usually won't happen.
602 mutex_lock(&sdata
->local
->key_mtx
);
603 sdata
->crypto_tx_tailroom_needed_cnt
-=
604 sdata
->crypto_tx_tailroom_pending_dec
;
605 sdata
->crypto_tx_tailroom_pending_dec
= 0;
606 mutex_unlock(&sdata
->local
->key_mtx
);
609 void ieee80211_gtk_rekey_notify(struct ieee80211_vif
*vif
, const u8
*bssid
,
610 const u8
*replay_ctr
, gfp_t gfp
)
612 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
614 trace_api_gtk_rekey_notify(sdata
, bssid
, replay_ctr
);
616 cfg80211_gtk_rekey_notify(sdata
->dev
, bssid
, replay_ctr
, gfp
);
618 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify
);
620 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf
*keyconf
,
621 struct ieee80211_key_seq
*seq
)
623 struct ieee80211_key
*key
;
626 if (WARN_ON(!(keyconf
->flags
& IEEE80211_KEY_FLAG_GENERATE_IV
)))
629 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
631 switch (key
->conf
.cipher
) {
632 case WLAN_CIPHER_SUITE_TKIP
:
633 seq
->tkip
.iv32
= key
->u
.tkip
.tx
.iv32
;
634 seq
->tkip
.iv16
= key
->u
.tkip
.tx
.iv16
;
636 case WLAN_CIPHER_SUITE_CCMP
:
637 pn64
= atomic64_read(&key
->u
.ccmp
.tx_pn
);
638 seq
->ccmp
.pn
[5] = pn64
;
639 seq
->ccmp
.pn
[4] = pn64
>> 8;
640 seq
->ccmp
.pn
[3] = pn64
>> 16;
641 seq
->ccmp
.pn
[2] = pn64
>> 24;
642 seq
->ccmp
.pn
[1] = pn64
>> 32;
643 seq
->ccmp
.pn
[0] = pn64
>> 40;
645 case WLAN_CIPHER_SUITE_AES_CMAC
:
646 pn64
= atomic64_read(&key
->u
.aes_cmac
.tx_pn
);
647 seq
->ccmp
.pn
[5] = pn64
;
648 seq
->ccmp
.pn
[4] = pn64
>> 8;
649 seq
->ccmp
.pn
[3] = pn64
>> 16;
650 seq
->ccmp
.pn
[2] = pn64
>> 24;
651 seq
->ccmp
.pn
[1] = pn64
>> 32;
652 seq
->ccmp
.pn
[0] = pn64
>> 40;
658 EXPORT_SYMBOL(ieee80211_get_key_tx_seq
);
660 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf
*keyconf
,
661 int tid
, struct ieee80211_key_seq
*seq
)
663 struct ieee80211_key
*key
;
666 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
668 switch (key
->conf
.cipher
) {
669 case WLAN_CIPHER_SUITE_TKIP
:
670 if (WARN_ON(tid
< 0 || tid
>= IEEE80211_NUM_TIDS
))
672 seq
->tkip
.iv32
= key
->u
.tkip
.rx
[tid
].iv32
;
673 seq
->tkip
.iv16
= key
->u
.tkip
.rx
[tid
].iv16
;
675 case WLAN_CIPHER_SUITE_CCMP
:
676 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
679 pn
= key
->u
.ccmp
.rx_pn
[IEEE80211_NUM_TIDS
];
681 pn
= key
->u
.ccmp
.rx_pn
[tid
];
682 memcpy(seq
->ccmp
.pn
, pn
, CCMP_PN_LEN
);
684 case WLAN_CIPHER_SUITE_AES_CMAC
:
685 if (WARN_ON(tid
!= 0))
687 pn
= key
->u
.aes_cmac
.rx_pn
;
688 memcpy(seq
->aes_cmac
.pn
, pn
, CMAC_PN_LEN
);
692 EXPORT_SYMBOL(ieee80211_get_key_rx_seq
);